Snoops highlight importance of second law

I'm back from a really intense visit to Australia. Some would call the trip home a “long flight”. But not me. I had the Sydney Morning Herald to read, which the day before had featured this piece on 100 government employees fired by their agency, Centrelink (hundreds of others were demoted). It seems – you guessed it – they had been snooping on (and even changing) hundreds of personal records.

So I was fascinated when I came across this piece during my flight. It quotes the head of the Australian government's Smartcard Privacy Taskforce, Professor Allan Fels:

Serious concerns have been raised about the federal government's planned Smartcard after more than 100 Centrelink staff lost their jobs for inappropriately accessing client records.

Labor has called for the privacy commissioner to investigate the breaches, in which 600 Centrelink staff browsed the welfare records of friends, family, neighbours and ex-lovers without authorisation.

And the man heading a privacy taskforce looking into the proposed Smartcard says he is deeply concerned by the breaches.

A total of 19 staff were sacked and 92 resigned after 790 cases of inappropriate access were uncovered.

In the most serious cases, staff members changed client details without authorisation as they spied on sensitive information.

Smartcard Privacy Taskforce head Allan Fels said the breaches highlighted why data on the proposed new card should be kept to a minimum.

The Smartcard will link welfare and other personal details of at least 17 million Australians.

The Centrelink revelations are deeply disturbing,” Prof Fels told ABC radio.

“I take some comfort from the fact that the government has caught them and punished them but there is still a huge weight now on the government to provide full proper legal and technical protection of privacy with the access card.”

Prime Minister John Howard said Centrelink had dealt appropriately with employees who abused their positions of trust.

But opposition human services spokesman Kelvin Thomson said Privacy Commissioner Karen Curtis had to investigate.

Mr Thomson said the news came on top of revelations in June that the Child Support Agency had 405 privacy breaches in nine months – two of which required mothers and their children to be relocated at taxpayers’ expense.

He said the breaches raised serious concerns about the Smartcard.

“The government cannot expect Australians to accept the Smartcard proposal until it satisfies them that it has resolved their legitimate privacy concerns,” he said.

Centrelink spokesman Hank Jongen said five cases had been referred to the Australian Federal Police for investigation, while more than 300 staff faced salary deductions or fines, another 46 were reprimanded, and the remainder were demoted or warned.

The staff were caught using sophisticated “spyware” software monitoring access to client records.

Mr Jongen described the dragnet as a “mopping up exercise”, saying the number of staff involved was small considering Centrelink handled 80 million transactions every week for more than six million customers.

“So you've got to keep these incidents in context,” Mr Jongen told ABC radio.

“The overwhelming majority of our staff have not been involved in these activities.

“Often these activities have simply involved one of our staff, for example, surfing the details of family and friends or taking a peek at their neighbour's records.

“The number of serious offences that have occurred is only a small proportion of the total number.”

Community and Public Sector Union deputy national president Lisa Newman said the job losses were regrettable but the union had long warned Centrelink members about the dangers of inappropriate data access.

Opposition Leader Kim Beazley said the breaches demonstrated the government's administrative incompetence.

Mr. Jongen sounds like a lot of spokesmen, doesn't he? Do spokesmen all train as junior camp councillors? He doesn't see “taking a peek at a neighbour's records” as being “a serious offense”? Luckily we have Mr. Fels standing by to provide adult supervision.

The interesting thing about this story is that on one hand, you have the prospect of a card. On the other, you have the current problems of centralized data storage.

Note that the reason employees could inappropriately access sensitive information was because it was sitting in databases they could get to – not because it was present on a card in someone's wallet.

Centralized databases worry me way more than any other aspect of this technology.

Published by

Kim Cameron

Work on identity.